aboutsummaryrefslogtreecommitdiffstats
path: root/test
Commit message (Collapse)AuthorAgeFilesLines
* test/rubygems: regenerate certificatesfeature/openssl-110-v2Kazuki Yamaguchi2016-05-0520-194/+213
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Regenerate test CA certificates with appropriate extensions Test certificates in test/rubygems lack the basic constraints extension. Here is the patch against rubygems' util/create_certs.rb. ruby util/create_certs.rb && cp test/rubygems/*.pem /path/to/ruby/test/rubygems/ && ruby util/create_encrypted_key.rb && cp test/rubygems/encrypted_private_key.pem /path/to/ruby/test/rubygems/ ------------------------ >8 ------------------------ diff --git a/util/create_certs.rb b/util/create_certs.rb index 4f6f9ea..313a724 100644 --- a/util/create_certs.rb +++ b/util/create_certs.rb @@ -4,37 +4,41 @@ require 'time' class CertificateBuilder - attr_reader :today + attr_reader :start def initialize key_size = 2048 - today = Time.now.utc - @today = Time.utc today.year, today.month, today.day + @start = Time.utc 2012, 01, 01, 00, 00, 00 @end_of_time = Time.utc 9999, 12, 31, 23, 59, 59 @end_of_time_32 = Time.utc 2038, 01, 19, 03, 14, 07 + @key_size = key_size @serial = 0 end - def create_certificates(key, subject, issuer_key = key, issuer = subject, - not_before: @today, not_after: :end_of_time) + def create_certificates(key, subject, issuer_key = key, issuer_cert = nil, + not_before: @start, not_after: :end_of_time, + is_ca: false) certificates = [] not_before, not_before_32 = validity_for not_before not_after, not_after_32 = validity_for not_after + issuer_cert, issuer_cert_32 = issuer_cert certificates << - create_certificate(key, subject, issuer_key, issuer, - not_before, not_after) + create_certificate(key, subject, issuer_key, issuer_cert, + not_before, not_after, is_ca) certificates << - create_certificate(key, subject, issuer_key, issuer, - not_before_32, not_after_32) + create_certificate(key, subject, issuer_key, issuer_cert_32, + not_before_32, not_after_32, is_ca) certificates end - def create_certificate key, subject, issuer_key, issuer, not_before, not_after - puts "creating cert - subject: #{subject}, issuer: #{issuer}" + def create_certificate(key, subject, issuer_key, issuer_cert, + not_before, not_after, is_ca) cert = OpenSSL::X509::Certificate.new + issuer_cert ||= cert # if not specified, create self signing cert + cert.version = 2 cert.serial = 0 @@ -45,32 +49,41 @@ class CertificateBuilder cert.public_key = key.public_key - cert.subject = - OpenSSL::X509::Name.new [%W[CN #{subject}], %w[DC example]] - cert.issuer = - OpenSSL::X509::Name.new [%W[CN #{issuer}], %w[DC example]] + cert.subject = OpenSSL::X509::Name.new [%W[CN #{subject}], %w[DC example]] + cert.issuer = issuer_cert.subject - ef = OpenSSL::X509::ExtensionFactory.new nil, cert + ef = OpenSSL::X509::ExtensionFactory.new issuer_cert, cert cert.extensions = [ - ef.create_extension('subjectAltName', "email:#{subject}@example") + ef.create_extension('subjectAltName', "email:#{subject}@example"), + ef.create_extension('subjectKeyIdentifier', 'hash') ] + if cert != issuer_cert # not self-signed cert + cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always') + end + + if is_ca + cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true) + cert.add_extension ef.create_extension('keyUsage', 'keyCertSign', true) + end + cert.sign issuer_key, OpenSSL::Digest::SHA1.new + puts "created cert - subject: #{cert.subject}, issuer: #{cert.issuer}" cert end def create_key puts "creating key" - OpenSSL::PKey::RSA.new 2048 + OpenSSL::PKey::RSA.new @key_size end def create_keys names keys = {} names.each do |name| - keys[name] = create_key + keys[name] = OpenSSL::PKey::RSA.new File.read(File.join "test/rubygems/#{name}_key.pem") end keys @@ -108,37 +121,39 @@ keys = cb.create_keys [ keys[:public] = keys[:private].public_key -certs = { - alternate: - cb.create_certificates(keys[:alternate], 'alternate'), - child: - cb.create_certificates(keys[:child], 'child', - keys[:private], 'nobody'), - expired: - cb.create_certificates(keys[:private], 'nobody', - not_before: Time.at(0), - not_after: Time.at(0)), - future: - cb.create_certificates(keys[:private], 'nobody', - not_before: :end_of_time, - not_after: :end_of_time), - grandchild: - cb.create_certificates(keys[:grandchild], 'grandchild', - keys[:child], 'child'), - invalid_issuer: - cb.create_certificates(keys[:invalid], 'invalid', - keys[:invalid], 'nobody'), - invalid_signer: - cb.create_certificates(keys[:invalid], 'invalid', - keys[:private], 'invalid'), - invalidchild: - cb.create_certificates(keys[:invalidchild], 'invalidchild', - keys[:invalid], 'child'), - public: - cb.create_certificates(keys[:private], 'nobody'), - wrong_key: - cb.create_certificates(keys[:alternate], 'nobody'), -} +certs = {} +certs[:public] = + cb.create_certificates(keys[:private], 'nobody', + is_ca: true) +certs[:child] = + cb.create_certificates(keys[:child], 'child', + keys[:private], certs[:public], + is_ca: true) +certs[:alternate] = + cb.create_certificates(keys[:alternate], 'alternate') +certs[:expired] = + cb.create_certificates(keys[:private], 'nobody', + not_before: Time.at(0), + not_after: Time.at(0)) +certs[:future] = + cb.create_certificates(keys[:private], 'nobody', + not_before: :end_of_time, + not_after: :end_of_time) +certs[:invalid_issuer] = + cb.create_certificates(keys[:invalid], 'invalid', + keys[:invalid], certs[:public], + is_ca: true) +certs[:grandchild] = + cb.create_certificates(keys[:grandchild], 'grandchild', + keys[:child], certs[:child]) +certs[:invalid_signer] = + cb.create_certificates(keys[:invalid], 'invalid', + keys[:private], certs[:invalid]) +certs[:invalidchild] = + cb.create_certificates(keys[:invalidchild], 'invalidchild', + keys[:invalid], certs[:child]) +certs[:wrong_key] = + cb.create_certificates(keys[:alternate], 'nobody') base_dir = 'test/rubygems'
* test/open-uri: regenerate test certificatesKazuki Yamaguchi2016-05-051-80/+76
| | | | | | The current CA certificate is created with basicConstraints=CA:FALSE but it is no longer allowed in OpenSSL 1.1.0. So recreate the CA (and server certificate).
* test/openssl: don't test default session timeoutKazuki Yamaguchi2016-05-051-1/+0
| | | | | | | | | | | The default session timeout for TLSv1 is 7200 and shouldn't be 300. And this should not be checked because the value is decided by just "the 24 hours mentioned in the TLSv1 spec is way too long for http, the cache would over fill" (from OpenSSL's source comment). Old OpenSSL (<= 1.0.2) set ssl_ctx->session_timeout on SSL_CTX_new(), which we call always with SSLv23_method(), and it isn't updated with SSL_set_ssl_method().
* test/openssl: fix test_server_session to dup the sessionKazuki Yamaguchi2016-05-051-4/+4
| | | | | SSL_CTX_remove_session() sets not_resumable to the deleted session and OpenSSL 1.1.0 denies to resume a SSL_SESSION with not_resumable != 0.
* test/openssl: X25519 doesn't support signingKazuki Yamaguchi2016-05-051-1/+3
|
* test/openssl: DSA256 is prohibited with security_level=1Kazuki Yamaguchi2016-05-051-1/+16
|
* ext/openssl: ENGINE.cleanup is no-op in OpenSSL 1.1.0Kazuki Yamaguchi2016-05-051-47/+66
| | | | | Add note to the documentation, and fix tests which rely on Engine.cleanup. Test cases are now run in separate process.
* ext/openssl: remove SHA, DSS, DSS1 if using OpenSSL 1.1.0Kazuki Yamaguchi2016-05-056-8/+10
|
* ext/openssl: add SSLContext#set_ecdh_curvesKazuki Yamaguchi2016-05-052-25/+26
| | | | | | | | | | And deprecate #tmp_ecdh_callback. Since SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0, we can't provide SSLContext#tmp_ecdh_callback anymore. Instead, we should use SSL_CTX_set1_curves_list() to set the curves and SSL_CTX_set_ecdh_auto() to make OpenSSL select automatically from the list.
* ext/openssl: add SSLContext#security_level, #security_level=Kazuki Yamaguchi2016-05-053-0/+22
| | | | | | | | OpenSSL 1.1.0 introduced "security level" and these methods deal with it. This patch includes many test changes: setting the level to 0. The default security level is 1 and this prohibits aNULL ciphers.
* ext/openssl: EVP_PKEY, DH, DSA, RSA, EC_KEY are made opaqueKazuki Yamaguchi2016-05-054-14/+28
| | | | | | | | | | | | | | | | | | | | Use EVP_PKEY_get0_* instead of pkey->pkey.* Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type) Because of this, we can no longer set the parameters/keys directly, and the newly added functions as alternative require setting all relevant values at the same time. So this patch contains incompatibility: the following code no longer works (if using 1.1.0): dh = OpenSSL::PKey::DH.new(...) dh.priv_key = OpenSSL::BN.new(...) ...and we have to write like: dh = OpenSSL::PKey::DH.new(...) priv = OpenSSL::BN.new(...) pub = <calculate (dh.g ** priv) % dh.p> dh.set_key(pub, priv)
* ext/openssl: drop support for OpenSSL 0.9.6/0.9.7Kazuki Yamaguchi2016-05-052-38/+30
| | | | | | | | | The last release of OpenSSL 0.9.7 series was over 9 years ago (!) and even 0.9.8/1.0.0 are no longer supported (EOL was 2015-12-31). It actually doesn't compile since r40461 (ext/openssl/ossl_bn.c (ossl_bn_initialize): allow Fixnum and Bignum. [ruby-core:53986] [Feature #8217], 2013-04-25, 2.1.0) and it looks like nobody noticed it.
* stringio.c: warn block for newnobu2016-04-271-0/+6
| | | | | | | * ext/stringio/stringio.c (strio_s_new): warn if a block is given, as well as IO.new. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54792 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Fix -e script encodingnobu2016-04-261-0/+28
| | | | | | | | * ruby.c (process_options): convert -e script to the encoding given by a command line option on Windows. assume it is the expected encoding. [ruby-dev:49461] [Bug #11900] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54785 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/ruby/test_array.rb: Add test cases for Array#sum withyui-knk2016-04-241-0/+3
| | | | | | non-numeric objects. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54739 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ruby.c: fix command line encoding on cygwinnobu2016-04-231-3/+10
| | | | | | | * ruby.c: cygwin does not use w32_cmdvector, command line can be other than UTF-8. [ruby-dev:49519] [Bug #12184] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54720 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/ruby/test_time_tz.rb: Tests depends on Europe/Moscow removedakr2016-04-221-13/+0
| | | | | | | | | | to avoid test failures due to the tzdata change. https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 Found by naruse. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54706 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* eval_jump.c: restore previous error infonobu2016-04-221-0/+18
| | | | | | | * eval_jump.c (exec_end_procs_chain): restore previous error info for each end procs. [ruby-core:75038] [Bug #12302] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54681 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* cgi/util.rb: remove CGI::Util#_unescapenobu2016-04-201-0/+17
| | | | | | | | | | * ext/cgi/escape/escape.c (cgiesc_unescape): define unescape method instead of _unescape, and should pass the optional argument to the super method. * lib/cgi/util.rb (CGI::Util#_unescape): remove intermediate method. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* assertions.rb: return the exceptionnobu2016-04-201-0/+1
| | | | | | | * test/lib/test/unit/assertions.rb (assert_syntax_error): return the rescued exception object as well as assert_raise. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54653 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/time.rb: revert r54167 because it would breaksonots2016-04-191-32/+0
| | | | | | | | backward compatibilities, and it is documented that Time.parse does not take into account time zone abbreations other than ones described in RFC 822 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54647 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* use more descriptive assertionsnobu2016-04-191-57/+57
| | | | | | | * test/logger/test_logdevice.rb: use assert_predicate, assert_not_predicate, and assert_file instead of bare assert. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/logger/test_logdevice.rb: fix tests to pass on windowssonots2016-04-181-4/+6
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54641 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/logger.rb: Add shift_period_suffix option [Fix GH-10772]sonots2016-04-181-0/+28
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54639 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Allow specifying logger parameters in constructorsonots2016-04-181-0/+42
| | | | | | | * lib/logger.rb: Allow specifying logger prameters such as level, progname, datetime_format, formatter in constructor [Bug #12224] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54638 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* compile.c: fix dangling linknobu2016-04-181-0/+5
| | | | | | | | * compile.c (iseq_peephole_optimize): should not replace the current target INSN, not to follow the replaced dangling link in the caller. [ruby-core:74993] [Bug #11816] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54628 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* numeric.c: flo_truncatenobu2016-04-181-0/+26
| | | | | | | * numeric.c (flo_truncate): add an optional parameter, digits, as well as Float#round. [Feature #12245] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54625 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* numeric.c: int_truncatenobu2016-04-181-0/+25
| | | | | | | * numeric.c (int_truncate): add an optional parameter, digits, as well as Integer#round. [Feature #12245] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_float.rb: assertions for negative floatsnobu2016-04-181-0/+14
| | | | | | | * test/ruby/test_float.rb: add assertions for round,floor,ceil on negative floats. [Feature #12245] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54623 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* struct.c: unique membersnobu2016-04-162-0/+29
| | | | | | | * struct.c (struct_make_members_list, rb_struct_s_def): member names should be unique. [ruby-core:74971] [Bug #12291] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54612 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * array.c (rb_ary_sum): Don't yield same element twice.akr2016-04-151-0/+7
| | | | | | | | Found by nagachika. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54609 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * array.c (rb_ary_sum): Fix SEGV by [1/2r, 1].sum.akr2016-04-151-0/+1
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54606 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* array.c (rb_ary_sum): use rb_rational_add directlymrkn2016-04-151-0/+2
| | | | | | | | | | | * rational.c (rb_rational_add): rename from nurat_add. * array.c (rb_ary_sum): use rb_rational_add directly. * test/ruby/test_array.rb (test_sum): add assertions for an array of Rational values. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54602 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* array.c: sum for Rational and Float mixed arraysmrkn2016-04-151-0/+2
| | | | | | | | | | * array.c (rb_ary_sum): apply the precision compensated algorithm for an array in which Rational and Float values are mixed. * test/ruby/test_array.rb (test_sum): add assertions for the above change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54601 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* thread.c: defer setting name in initializenobu2016-04-151-3/+3
| | | | | | | | * thread.c (rb_thread_setname): defer setting native thread name set in initialize until the native thread is created. [ruby-core:74963] [Bug #12290] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54600 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* thread.c: must be initialized to set namenobu2016-04-151-0/+6
| | | | | | | | | * thread.c (get_initialized_threadptr): extract ensuring that the thread is initialized. * thread.c (rb_thread_setname): thread must be initialized to set the name. [ruby-core:74963] [Bug #12290] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54598 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/ruby/test_array.rb (test_sum): add assertions for Rational andmrkn2016-04-151-4/+20
| | | | | | Complex numbers. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* io/console: unknown key code for names with nulnobu2016-04-151-0/+15
| | | | | | | | | | * ext/io/console/console.c (console_key_pressed_p): raise the same exception, "unknown virtual key code", for names with nul chars. though console_win32_vk() considers the length and can deal with nul chars, rb_sprintf() raised at PRIsVALUE previously, so quote it if it is unprintable. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54589 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* io/console: move conditionsnobu2016-04-151-4/+7
| | | | | | | * test/io/console/test_io_console.rb: move conditions for method definitions before the bodies. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* add assertions.akr2016-04-141-2/+8
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* add an assertion.akr2016-04-141-0/+2
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54579 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * array.c (rb_ary_sum): Support the optional argument, init, and block.akr2016-04-141-12/+20
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54577 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * array.c (rb_ary_sum): Array#sum is implemented.akr2016-04-132-7/+34
| | | | | | | | | | | | | Kahan's compensated summation algorithm for precise sum of float numbers is moved from ary_inject_op in enum.c. * enum.c (ary_inject_op): Don't specialize for float numbers. [ruby-core:74569] [Feature#12217] proposed by mrkn. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* numeric.c: flo_ceilnobu2016-04-131-0/+21
| | | | | | | * numeric.c (flo_ceil): add an optional parameter, digits, as well as Float#round. [Feature #12245] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* numeric.c: flo_floornobu2016-04-131-0/+22
| | | | | | | * numeric.c (flo_floor): add an optional parameter, digits, as well as Integer#floor. [Feature #12245] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* numeric.c: int_ceilnobu2016-04-131-0/+25
| | | | | | | * numeric.c (int_ceil): add an optional parameter, digits, as well as Integer#round. [Feature #12245] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* numeric.c: int_floornobu2016-04-131-0/+25
| | | | | | | * numeric.c (int_floor): add an optional parameter, digits, as well as Integer#round. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54561 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* file.c: File.empty?nobu2016-04-131-0/+7
| | | | | | | * file.c (Init_File): add alias File.empty? to File.zero?. [Feature #9969] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54559 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* parse.y: massign in condnobu2016-04-132-1/+6
| | | | | | | * parse.y (assign_in_cond): allow multiple assignment in conditional expression. [Feature #10617] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54558 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/ruby/test_basicinstructions.rb: add a test to check accessko12016-04-131-0/+22
| | | | | | | | | | | instance variables on special const objects. All of such objects are frozen, so that we can not set instance variables for them. But we can read instance variables and return default value (nil). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-29 01:45:59 +0000